By focusing on the three V’s — volume, velocity and visibility — of Software as a Service (SaaS) security, organizations can streamline and improve their security team’s efficiency, reducing their workload and increasing protection for the company against any potential exposure or data breach.
Ben Johnson, former NSA and Chief Technology Officer (CTO) of SaaS application security firm, Obsidian, has found that businesses around the world are adopting Software as a service (SaaS) apps in droves for collaboration, ease of access to data and business continuity. With this increased adoption, comes the inevitable trend of state-sponsored actors merely logging in to steal data rather than having to break in. Here, Johnson talks to Security magazine about security issues associated with SaaS applications.
Organizations' migration to the cloud is a broad term that encompasses many different trends: (1) Moving existing applications from private data centers to AWS, Azure, or the Google Cloud Platform as cloud service providers (CSPs), often referred to as lift-and-shift or infrastructure-as-a-service (IaaS); (2) Completely restructuring how applications are built to make heavier use of prepackaged services available on these cloud service platforms – often referred to as lift-and-reshape, serverless, or platform-as-a-service (PaaS); (3) Choosing to forgo running copies of standard applications instead of having the application vendor host them is sometimes referred to as drop-and-shop or software-as-a-service (SaaS).
Security Access Service Edge (SASE) is the latest security trend to hit the world of cybersecurity for enterprises. But unlike meaningless buzzwords, SASE looks set to become an essential toolkit for any cybersecurity framework.
The question is this. Is this skepticism based on fact or as a result of that well-established human trait – resistance to change? In other words, does the convenience offered by a cloud app outweigh potential security threats such as hacking, and how susceptible are SaaS (Software as a Service) cloud apps to attack in the first place? To answer this question, let’s consider Microsoft Office 365, which is one of the most widely used software packages on the planet with more than 27 million consumer users and over 100 million enterprise users.
Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team.